One of our partners sent me a Key Injection Tool to inject encryption keys into a PINPAD with. Looks like they were short on developers and had to hire Python typists who have made a mess of a simple AES encryption/decryption. When do these companies learn that writing a security related software in Python is not really secure? I had to read the rubbish in Python and read it from scratch in C++ to get it to work, and am now contemplating whether to provide that company with my version of their Key Injection Tool or not...

Compiled languages give no greater level of security than interpreted languages. Decompilers are a thing, and have been for a long long time.

Besides, people can just read assembly if they really want to.

Why do you think C++ is more secure than python?

@atheist In certain areas you need "predictability" interpreted languages cannot provide. With predictability I mean:

- Predictable memory. Assuming I do cryptography in Python. With the dynamic memory management, secret keys and data may remain in memory quite a long time - I can't even clear a string in Python! And depending on the security requirements, I may have to do it.
- Side channel resistance. If I compute e.g. RSA operations with Python, the integer implementation will leak data because of minor (measurable) differences between each operation. I can't even implement counter measures, as there is too much of other things happening in the interpreter. One can't even compare to strings to equality in constant time w/o calling a function written in C...

This is *only* required for certain areas - mainly cryptography, and only against "advanced" attackers.
When creating larger applications, avoiding memory issues is usually better than having such predictability...